Dear NXP Support Team,
I am currently facing an issue with CMAC generation and verification on S32K144 that uses the CSEc module. Specifically, I have noticed that the CMAC generated through the CSEc module is failing verification when compared to an offline CMAC generated using the same key and data from an open source tool which we intend to use in our host PC afterwards.
Can you please provide guidance on how to troubleshoot this issue? Are there any known limitations or constraints that I should be aware of when using the CSEc module for CMAC generation and verification? Are there any specific settings or configurations that I need to ensure are properly configured to ensure successful CMAC generation and verification through the CSEc module?
Secondly, i would like to ask you about the secure boot functionality of the said MCU. Is there any defined mechanism to enable the secure boot automatically within the MCU or we have to implement it on own side. If there is any defined mechanism kindly guide us how to implement it.
Thank you in advance for your assistance with this matter.
Best regards,
Baseer
regarding the CMAC, see please my answer here:
I used test vectors from SHE specification to confirm that the CMAC is generated correctly. The test vector is the best option for start.
Regarding secure boot, you can take a look at this application note:
https://www.nxp.com/webapp/Download?colCode=AN5401&location=null
https://www.nxp.com/webapp/Download?colCode=AN5401SW&location=null
Section "4.4 Secure Boot" explain this in detail. Example "4_secure_boot_add_BOOT_MAC_manual" shows how to enable the secure boot and how to add boot MAC - either automatically or manually.
If you use SDK, you can take a look at this example:
c:\NXP\S32DS.3.4\S32DS\software\S32SDK_S32K1XX_RTM_4.0.3\examples\S32K144\demo_apps\csec_boot_protection\
But I recommend to study AN5401 anyway before using SDK version.
Regards,
Lukas